4207 matches found
CVE-2017-14180
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability tha...
CVE-2018-6184
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /next request namespace...
CVE-2018-6184
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /next request namespace...
glibc 2.26 - getcwd() Local Privilege Escalation
glibc 2.26 - getcwd Local Privilege Escalation / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the...
Apport / ABRT chroot Privilege Escalation
This module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace "container". Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing t...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0007) (Spectre)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86/ibrs: Remove 'ibrsdump' and remove the prdebug Konrad Rzeszutek Wilk Orabug: 27350825 - kABI: Revert kABI: Make the bootcpudata look normal Konrad Rzeszutek Wilk CVE-2017-5715 - userns: prevent...
USN-3480-3 apport regression
USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local...
USN-3480-3: Apport regression
USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local...
GitLab: GitHub import allows user to create child group under existing namespace
When importing a GitHub repository on GitLab, a request is made to /import/github. The user is allowed to pass along a target namespace where they want to add the repository. In this process, the code will create the namespace if it doesn't exist already. However, this can be used to create a...
Important kernel security update: Virtuozzo ReadyKernel patch 40.0 for Virtuozzo 7.0.5
The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernel 3.10.0-514.26.1.vz7.33.22 Virtuozzo 7.0.5. Vulnerability id: PSBM-78904 Potential use-after-free in the processing of namespaces...
CVE-2017-17449
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
CVE-2017-17448
net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnlcthelperlist data structure is shared across all net namespaces...
DEBIAN-CVE-2017-17449
The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAPNETADMIN...
FreeBSD : FreeBSD -- POSIX shm allows jails to access global namespace (5b1463dd-dab3-11e7-b5af-a4badb2f4699)
Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact : A malicious user that has access to a jailed system is able to abuse shared memory by injecting...
Linux kernel access restriction bypass vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the net/netfilter/nfnetlinkcthelper.c file in Linux kernel 4.14.4 and earlier, which stems from the nfnlcthelperlist data structure...
UBUNTU-CVE-2017-17450
net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows local users to bypass intended access restrictions because the xtosffingers data structure is shared across all net namespaces...
USN-3480-2 apport regressions
USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash...
ZEIT Next.js Directory Traversal Vulnerability
Next.js is a minimalist server-side rendering framework for React applications. A directory traversal vulnerability exists in ZEIT Next.js versions prior to 2.4.1 under the /next and /static request namespaces. An attacker can exploit this vulnerability to obtain sensitive information...
PT-2017-14612 · Vercel · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 2.4.1 Description: The issue allows attackers to obtain sensitive information through directory traversal under the /static and / next request namespaces. Recommendations: For versions prior to 2.4.1, update to versi...
Ubuntu 14.04 LTS / 16.04 LTS : Apport vulnerabilities (USN-3480-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3480-1 advisory. Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a deni...